Please please please, do your brain a favor and listen to the Astronomy 161 lectures by Richard Pogge (Ohio State).
In other news, Endian remains the bomb-diggity. Three minor-ish criticisms:
- The out-going firewall interface needs the ability to create rulesets with a range of ports, rather than just one at a time. This was somewhat mitigated by the discovery that I can actually put an FQDN into a rule… Stupid Microsoft Streaming Media Services (SM SMS).
- Ident, port 113, is enabled, but closed, by default. What? So, I’m in stealth on all the well-known ports…except 113? I mean, come on! Let me open it up if I need it.
- Why, oh, why does it reply to ICMP (ping) on the external interface!?!??! What in the world!? Oh, and how do you turn it off? What? No one knows??!?!? Give me a break, here, guys. 🙂
I need to do some more testing with OpenVPN to see if I hate it as badly as I think I do…
These are relatively minor complaints. As far as a firewall goes, and a proxy, it’s running REALLY well. 50-billion or so times more secure than my little Belkin.
Point three above, though, is the most troubling. I’ll probably have to do some M4D ipchains hax0ring to fix it.